Hy all,
I have configured my LDAP server with the following
control access. In the slapd.conf:
access to
*
by self
write
by
dn="cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com"
write
by
anonymous auth
by * none
---------------------------------------
My users file:
DEFAULT Ldap-Group == isdn, NAS-Port == 58,
User-Profile := "uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com"
DEFAULT Auth-Type :=
Reject
Reply-Message = "Llamse a
servicio tecnico"
-------------------------------------------
My directory:
dn: dc=mydomain,dc=com
objectclass:
dcObject
objectclass: organizationalUnit
ou: Mydomain.com Radius
dc:
mydomain
dn: ou=radius,dc=mydomain,dc=com
objectclass:
organizationalUnit
ou: radius
dn:
ou=profiles,ou=radius,dc=mydomain,dc=com
objectclass:
organizationalUnit
ou: profiles
dn:
ou=users,ou=radius,dc=mydomain,dc=com
objectclass: organizationalUnit
ou:
users
dn:
ou=admins,ou=radius,dc=mydomain,dc=com
objectclass: organizationalUnit
ou:
admins
dn:
uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com
objectclass:
radiusprofile
uid: dial
radiusServiceType:
Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask:
255.255.255.0
radiusFramedRouting: None
dn:
uid=isdn,ou=profiles,ou=radius,dc=mydomain,dc=com
objectclass:
radiusprofile
uid: isdn
radiusServiceType:
Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask:
255.255.254.0
radiusFramedRouting: None
dn:
uid=example,ou=users,ou=radius,dc=mydomain,dc=com
objectclass:
radiusprofile
uid: example
userPassword: test
radiusGroupName:
dial
radiusGroupName: isdn
dn:
cn=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com
objectclass:
person
sn: freeradius
cn: freeradius
userPassword:
freeradius
dn:
cn=billing,ou=admins,ou=radius,dc=mydomain,dc=com
objectclass: person
sn:
billing
cn: billing
userPassword: billing
dn:
cn=replica,ou=admins,ou=radius,dc=mydomain,dc=com
objectclass: person
sn:
replica
cn: replica
userPassword: replica
------------------------------------------------
When I try to authorize a user, it
fails:
rad_recv: Access-Request packet from host
127.0.0.1:39035, id=223, length=59
User-Name = "example"
User-Password = "test"
NAS-IP-Address = xx.yy.cc.vv
NAS-Port = 58
Processing the authorize section of
radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request
0
rlm_realm: No '@' in User-Name
= "example", looking up realm NULL
rlm_realm: No such
realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
rlm_ldap:
Entering ldap_groupcmp()
radius_xlat:
'ou=users,ou=radius,dc=mydomain,dc=com'
radius_xlat:
'(uid=example)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap:
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap:
(re)connect to localhost:389, authentication 0
rlm_ldap: bind as / to
localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was
successful
rlm_ldap: performing search in
ou=users,ou=radius,dc=mydomain,dc=com, with filter (uid=example)
rlm_ldap:
object not found or got ambiguous search result
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap:
ldap_release_conn: Release Id: 0
users: Matched entry
DEFAULT at line 3
modcall[authorize]: module "files" returns ok for
request 0
rlm_ldap: - authorize
If I remove the access control lines from
slapd.conf, it works well.
What am I doing wrong?
Regards,
Rafa